package yns.springboot.common.sample.security.config;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

import yns.springboot.common.sample.security.handler.FailureHandler;
import yns.springboot.common.sample.security.handler.SuccessHandler;
import yns.springboot.common.sample.security.service.SystemUserDetailService;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

	private final Logger logger = LoggerFactory.getLogger(this.getClass());

	@Autowired
	private SystemUserDetailService systemUserDetailService;

	@Autowired
	private FailureHandler failureHandler;

	@Autowired
	private SuccessHandler successHandler;

	public void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(systemUserDetailService);
	}

	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	@Bean
	public WebSecurityCustomizer webSecurityCustomizer() {
		return (web) -> web.ignoring()
				// Spring Security should completely ignore URLs starting with /resources/
				.requestMatchers("/", "/index.html", "/js/**", "/css/**", "/template/**");
	}

	@Bean
	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
		
		http.authorizeHttpRequests((authorizeHttpRequests) -> authorizeHttpRequests
					.requestMatchers("/","/public/**", "/index.html", "/js/**", "/css/**", "/template/**")
					.permitAll()
					.anyRequest().hasRole("USER"))
			.formLogin((formLogin) -> formLogin
					.loginPage("/login.html")
					.permitAll()
					.successHandler(successHandler)
					.failureHandler(failureHandler)
					.loginProcessingUrl("/login"))
			.logout((logout) -> logout.logoutUrl("/index.html"))
			.csrf((csrf) -> csrf.disable());
		
		return http.build();
	}

//	@Bean
//	public UserDetailsService userDetailsService() {
//		UserDetails user = User.withUsername("user").password("password").roles("USER")
//				.build();
//		UserDetails admin = User.withUsername("admin").password("password")
//				.roles("ADMIN", "USER").build();
//		return new InMemoryUserDetailsManager(user, admin);
//	}
}
